//package com.project.book.order.distributed.security.uaa.config;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
///**
// * 安全访问控制
//注意：和资源服务器的配置冲突了，ResourceServerConfig，配置到这个类里面去就可以了
// */
//@Configuration
//@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
////@EnableWebSecurity
//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    /**
//     * 安全拦截机制（最重要）
//     * @param http
//     * @throws Exception
//     */
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http.csrf().disable()
//                // 先在是基友方法的授权，基于web的授权可以屏蔽掉
//                .authorizeRequests()
////                 .antMatchers("/order/r1").hasAnyAuthority("p1")
////                 .antMatchers("/order/r2").hasAnyAuthority("p2")
//                .antMatchers("/r1").hasAnyAuthority("p1")
//                .antMatchers("/r2").hasAnyAuthority("p2")
////                .antMatchers("/order/r*").authenticated() // 所有/r/**的请求都必须认证通过
//                .anyRequest().permitAll(); // 除了/r/**，其他的请求都可以访问
//    }
//}